This article provides an overview of the Linux kernel firewall for IPv4 using iptables and the Filter table. It is intended for beginner to intermediate Linux users and gives an insight into basic configuration concepts.

What is "iptables"?

The iptables program lets slice admins configure the Linux kernel firewall. It is quite useful when you need to block, filter, manipulate or redirect network traffic. Iptables is used specifically for IPv4, whereas ip6tables is used for IPv6, which we'll save for a future article. In this article we'll cover the Filter table within iptables.

Iptables rules are grouped into Chains. A Chain is a ruleset that describes what to do with a packet. The output of 'iptables -L' shows our three Chains - INPUT, FORWARD and OUTPUT - which are all part of the Filter table.

The INPUT Chain lists all the rules for packets that are destined for the local slice. The FORWARD Chain is used for packets passing through the system (routing, etc.). And the OUTPUT Chain is for packets originating from the slice.

The target column lists the following actions - ACCEPT, REJECT and LOG - which do what their names suggest. The prot column is for network protocols; common values are tcp, icmp, udp and all. The source and destination columns tell us where the packet is coming from and going to.

Alternatively, you can show the source and destination IPs numerically (instead of resolved hostnames) by issuing the following command with the '-n' flag:

Backup and Restore

Before making any changes to your config it's always a good idea to have a backup. We can use the iptables-save program to do this:

sudo sh -c '/sbin/iptables-save > /etc/iptables.save'

This saves your current iptables configuration to the /etc directory under the name iptables.save. The '-c' part and the quotes are necessary to ensure the sudo permissions are applied to the whole command (otherwise the output redirect at the end could yield a 'permission denied' error).

Now if something gets fouled up you can restore it easily using the iptables-restore program as follows:

Be sure to run 'iptables -F' first if the ruleset was not empty, as this flushes the current rules from memory.

Here is our example iptables rules file. If you open this file in a text editor you will see a series of commands, which we will go over in Part 2. It is essentially the output of iptables-save with some comments added for clarity. You can restore the above configuration from it with:

sudo sh -c '/sbin/iptables-restore < iptables.txt'

Note that the file should begin and end with just the text of the rules. Extra blank lines at the beginning or end can confuse iptables-restore.

You should now be able to verify the rules have been restored!

sudo /sbin/iptables -L
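As an added example (not code from the article), here is a small POSIX shell script that checks a rules file for the problems described above (a leading or trailing blank line, a missing COMMIT) before running the backup, flush and restore sequence. The two rules files it writes are constructed for this example, the backup path /etc/iptables.save.<timestamp> is an assumption, and safe_restore assumes it is run as root on a host with netfilter.

```shell
# Added example (not the article's code): sanity-check an iptables-save style rules file
# before iptables-restore, then the backup / flush / restore sequence from the article.
# Both rules files below are constructed for this example.

WORK=$(mktemp -d)

# Well-formed file: starts with a comment or '*table' line, ends with COMMIT, no blank edge lines.
cat > "$WORK/good.txt" <<'EOF'
# Constructed sample ruleset for the Filter table
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOG --log-prefix "iptables denied: "
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF

# Same content plus the trailing blank line the article warns about.
{ cat "$WORK/good.txt"; echo; } > "$WORK/bad.txt"

# check_rules_file FILE: exit 0 if FILE looks restorable, 1 (with a reason on stderr) otherwise.
check_rules_file() {
    first=$(head -n 1 "$1")
    last=$(tail -n 1 "$1")
    case "$first" in
        '#'*|'*'*) ;;
        *) echo "$1: first line must be a comment or *table header, got '$first'" >&2; return 1 ;;
    esac
    [ "$last" = COMMIT ] || { echo "$1: last line must be COMMIT, not '$last' (trailing blank line?)" >&2; return 1; }
    tables=$(grep -c '^\*' "$1" || true)
    commits=$(grep -c '^COMMIT$' "$1" || true)
    [ "$tables" -eq "$commits" ] || { echo "$1: $tables table header(s) but $commits COMMIT line(s)" >&2; return 1; }
    grep -q '^\*filter$' "$1" || { echo "$1: no *filter section" >&2; return 1; }
}

# safe_restore FILE: backup, validate, flush, restore, then list (needs root and netfilter;
# not run by the checks below).
safe_restore() {
    check_rules_file "$1" || return 1
    /sbin/iptables-save > "/etc/iptables.save.$(date +%s)"   # backup first, as the article advises
    /sbin/iptables -F                                          # flush the current rules
    /sbin/iptables-restore < "$1" && /sbin/iptables -L -n      # restore and verify
}

check_rules_file "$WORK/good.txt" && echo "good.txt: ok"
check_rules_file "$WORK/bad.txt" || echo "bad.txt: rejected as expected"
```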

Continuing on to Part 2

Now that we know what we're looking at, let's move on to the basic syntax for adding and deleting rules in Part 2.